Installation Guide for Cisco Identity Services Engine (ISE)

As Cisco ISE doesn't directly support sending authentication logs to an HTTP destination, we will be using a syslog Forwarder.
Our setup will look like this:

---

1. What You'll Need

1. Virtual Machine with the following specs:

- 2 CPU Cores

- 4 GB RAM

- 20 GB Hard Disk

- 1x Network Interface

2. A valid NxtFireGuard License Key

---

2. Install the Latest Ubuntu or Debian Server OS 🐧

3. Update Package Sources and Upgrade Packages 🔄

sudo apt-get update -y && sudo apt-get upgrade -y

---

4. Install Docker 🐳

4.1 For Debian 11 & 12

Remove Conflicting Packages ❌

for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done

Add Docker’s GPG Key 🔑

sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

Add Docker Repository to Apt Sources 📦

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Install Docker Packages 📥

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify Installation ✅

sudo docker run hello-world

4.2 For Ubuntu 24.04, 22.04 & 20.04

Remove Conflicting Packages ❌

for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done

Add Docker’s GPG Key 🔑

sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

Add Docker Repository to Apt Sources 📦

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Install Docker Packages 📥

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify Installation ✅

sudo docker run hello-world

---

5. Install Git 🛠️

sudo apt-get install git -y

---

6. Create User & Add to Docker Group 👤

6.1 Create a User

Replace <username> with the desired username.

sudo adduser <username>

6.2 Add New User to Docker Group

sudo usermod -aG docker <username>

---

7. Clone Repository & Start Container 📦

7.1 Switch to New User

su <username>
cd

7.2 Download latest Release of "NxtFireGuard-Syslog-forwarder" Repository on GitHub

• visit https://github.com/NxtGenIT/NxtFireGuard-Syslog-forwarder/releases
• Download the latest Release either as .zip or as .tar.gz
• you can do so either direclty on

git clone https://github.com/NxtGenIT/NxtFireGuard-Syslog-forwarder.git && cd NxtFireGuard-Syslog-forwarder

7.3 Set your License Key

Replace YOUR_ACTUAL_LICENSE_KEY with your purchased license key.

sed -i 's/<your-license-key>/YOUR_ACTUAL_LICENSE_KEY/g' syslog/syslog-ng.conf

7.4 Start Docker Container

docker compose up -d

---

Next Steps

Setup Log Forwarding from ISE to the Container

Read this Documentation from Cisco to forward logs of category AAA Audit Logs to the Log Relay Server.

Once the setup is complete, you can return to the Adding a Host section to verify the connection.

For any questions or issues, feel free to reach out to our support team via this Contact Form.